package com.deyuanyun.pic.settings.support.shiro;

import java.io.IOException;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import com.deyuanyun.pic.common.util.web.Asserts;

import javax.servlet.FilterChain;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * Created by xu on 2015/12/22.
 * 自定义的shirofilter
 */
public class MyShiroFilter extends AuthorizationFilter {
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        //String requestUrl = ((HttpServletRequest)request).getRequestURI();
        Subject subject = this.getSubject(request, response);
        String[] perms = (String[])((String[])mappedValue);
        boolean isPermitted = true;
        if(perms != null && perms.length > 0) {
            if(perms.length == 1) {
                if(!subject.isPermitted(perms[0])) {
                    isPermitted = false;
                }
            } else {
                isPermitted=false;
                for (String p:perms){
                    if (subject.isPermitted(p)){
                        isPermitted=true;
                        break;
                    }
                }
            }
        }
        //Asserts.assertTrue(isPermitted, "你没有访问该链接的权限！");
        //return isPermitted;
        return true;
    }
}
